Vulnerability Note VU#350135
Various WiMAX routers contain a authentication bypass vulnerability in custom libmtk httpd plugin
WiMAX routers from several vendors making use of a custom httpd plugin for libmtk are vulnerable to an authentication bypass allowing a remote, unauthenticated attacker to change the administrator password on the device.
CWE-306: Missing Authentication for Critical Function - CVE-2017-3216
Several WiMAX routers making use of a custom httpd plugin for libmtk (the MediaTek SDK library) are vulnerable to an authentication bypass that allows a remote, unauthenticated attacker to change the administrator password on the device.
A remote, unauthenticated attacker may gain administrator access to the device after changing the administrator password on the device with a crafted POST request.
The CERT/CC is currently unaware of a practical solution to this problem. Consider the following workarounds instead.
Restrict network access
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Huawei Technologies||Affected||31 May 2017||08 Jun 2017|
|ZyXEL||Affected||24 Apr 2017||13 Jun 2017|
|MediaTek||Not Affected||19 Apr 2017||07 Jun 2017|
|Green Packet||Unknown||31 May 2017||31 May 2017|
|MitraStar||Unknown||24 Apr 2017||24 Apr 2017|
|ZTE Corporation||Unknown||31 May 2017||31 May 2017|
CVSS Metrics (Learn More)
Thanks to Stefan Viehböck, SEC Consult Vulnerability Lab, for reporting this vulnerability.
This document was written by Garret Wassermann.
- CVE IDs: CVE-2017-3216
- Date Public: 07 Jun 2017
- Date First Published: 07 Jun 2017
- Date Last Updated: 13 Jun 2017
- Document Revision: 52
If you have feedback, comments, or additional information about this vulnerability, please send us email.